Previously, SIM swappers relied on social engineering or worked with insiders at mobile carrier services to help them port a target's number. However, as companies implemented more protections to thwart these takeovers, cybercriminals turned their attention to emerging opportunities in new technologies.
Now, attackers breach a user's mobile account with stolen, brute-forced, or leaked credentials and initiate porting the victim's number to another device on their own.
They can do this by generating a QR code through the hijacked mobile account that can be used to activate a new eSIM. They then scan it with their device, essentially hijacking the number.
To defend against eSIM-swapping attacks, researchers recommend using complex and unique passwords for the cellular service provider account and enabling two-factor authentication if available.
But it also does show that banks should not be relying solely on SMS or authentication by SIM.
See
SIM swappers hijacking phone numbers in eSIM attacks
SIM swappers have adapted their attacks to steal a target's phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models.
#
technology #
esim #
vulnerabilities
Like Us
Support Hubzilla
